OS X EXPLOITS AND DEFENSE
Own it...Just Like Windows or Linux!
By
Paul Baccas, Paul Baccas is a researcher at Sophos plc, the UK security company. After reading Engineering Science at Exeter College, Oxford, he worked
in various technical roles at Sophos, and is now mainly engaged in spam research. He is a frequent contributor to Virus Bulletin.
Kevin Finisterre, Kevin Finisterre is the former Head of Research and Co-founder of SNOSoft, Inc. aka Secure Network Operations. Kevin's primary focus has
been on the dissemination of information relating to the identification and exploitation of software vulnerabilities on various platforms.
Apple, IBM, SAP, Oracle, Symantec, and HP are among many vendors that have had problems that were identified by Kevin. Kevin is currently
very active in the Apple research and exploitation scene. He enjoys testing the limits and is constantly dedicated to thinking outside
the box. His current brainchild is the project he calls DigitalMunition.com.
Larry H., Larry H. has been doing security research on the Macintosh platform for over 2 years (since mid 2006), with a strong focus on kernel land
security and implementation of proactive defense mechanisms for both Linux and the XNU kernel. Even though computers aren't his main
occupation, he enjoys developing new and improving existing exploitation and IDS evasion techniques, as well as researching secure
OS design, security policy frameworks (MAC, RBAC, MLS, etc.) and applied data mining. Even though this all sounds pretty serious, he enjoys
humor for the banter as well as reading through the King James Bible quite frequently.
David Harley, David Harley has been researching and writing about malicious software and other security issues since the end of the 1980s. From 2001
to 2006 he worked in the UK's National Health Service as a National Infrastructure Security Manager, where he specialized in the management
of malicious software and all forms of email abuse, as well as running the Threat Assessment Centre, and has worked since as an independent
author and consultant for Small Blue-Green World. He joined ESET's Research team in January 2008. He was co-author of Viruses Revealed
(McGraw-Hill) and lead author and technical editor of The AVIEN Malware Defense Guide for the Enterprise (Syngress), as well as a contributor
to Botnets: the Killer Web App (Syngress). He has contributed chapters to many other books on security and education for publishers such
as Wiley, Pearson and Vieweg, as well as a multitude of specialist articles and conference papers. In his copious free time he is Chief
Operations Officer for AVIEN (the Anti-Virus Information Exchange Network) and administers the MAC Virus web site.
Gary Porteous, Gary Porteous is a Professional Security Researcher based in the UK and a keen advocate of open source projects. A hacker in the old sense
of the word, as someone who creatively dissects and reconstructs technology, Gary feels as much at home tinkering with small finite problem
solving as considering the pattern of modern technology and its larger implications. Having been involved with Macintosh security since
1998, more recently he has worked as a systems engineer and consultant, and is currently employed as a Macintosh computer expert in the
UK educational sector. Alongside all this he enjoys escaping to the countryside whenever possible and helping to run the organization
AppleseedUK (www.appleseeduk.org).
Chris Hurley, Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than 10 years of experience performing penetration
testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project
to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON
WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing, ISBN: 19318360305). He has contributed
to several other Syngress publications, including Penetration Tester's Open Source Toolkit (ISBN: 1-5974490210), Stealing the Network:
How to Own an Identity (ISBN: 1597490067), InfoSec Career Hacking (ISBN: 1597490113), and OS X for Hackers at Heart (ISBN: 1597490407).
He has a BS from Angelo State University in Computer Science and a whole bunch of certifications to make himself feel important.
Johnny Long, Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and
author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity (http://ihackcharities.org),
an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.
Description
Contrary to popular belief, there has never been any shortage of Macintosh-related security issues. OS9 had issues that warranted attention.
However, due to both ignorance and a lack of research, many of these issues never saw the light of day. No solid techniques were published
for executing arbitrary code on OS9, and there are no notable legacy Macintosh exploits. Due to the combined lack of obvious vulnerabilities
and accompanying exploits, Macintosh appeared to be a solid platform. Threats to Macintosh's OS X operating system are increasing in
sophistication and number. Whether it is the exploitation of an increasing number of holes, use of rootkits for post-compromise concealment
or distributed denial of service, knowing why the system is vulnerable and understanding how to defend it is critical to computer security.
* Macintosh OS X Boot Process and Forensic Software
  All the power, all the tools, and all the geekery of Linux is present in Mac OS X. Shell scripts, X11 apps, processes, kernel extensions...it's a UNIX platform. Now you can master the boot process and Macintosh forensic software.
* Look Back Before the Flood and Forward Through the 21st Century Threatscape
  Back in the day, a misunderstanding of Macintosh security was more or less industry-wide. Neither the administrators nor the attackers knew much about the platform. Learn from Kevin Finisterre how and why that has all changed!
* Malicious Macs: Malware and the Mac
  As OS X moves further from desktops, laptops, and servers into the world of consumer technology (iPhones, iPods, and so on), what are the implications for the further spread of malware and other security breaches? Find out from David Harley.
* Malware Detection and the Mac
  Understand why the continuing insistence of vociferous Mac zealots that it "can't happen here" is likely to aid OS X exploitation.
* Mac OS X for Pen Testers
  With its BSD roots, super-slick graphical interface, and near-bulletproof reliability, Apple's Mac OS X provides a great platform for pen testing.
* WarDriving and Wireless Penetration Testing with OS X
  Configure and utilize the KisMAC WLAN discovery tool to WarDrive. Next, use the information obtained during a WarDrive to successfully penetrate a customer's wireless network.
* Leopard and Tiger Evasion
  Follow Larry Hernandez through exploitation techniques, tricks, and features of both OS X Tiger and Leopard, using real-world scenarios for explaining and demonstrating the concepts behind them.
* Encryption Technologies and OS X
  Apple has come a long way from the bleak days of OS9. There is now a wide array of encryption choices within Mac OS X. Let Gareth Porteous show you what they are.
Audience
Information security professionals, network administrators, system analysts and administrators, penetration testers, software and technical engineers
Contents
Overview: The OS X operating system
Current and past threats
Vulnerabilities
Malicious Code
Exploit development and research
Rootkits
Defense and protection
Detecting malicious code; rootkits
Protecting against exploits
Locking down services and firewall policies
Future threats and malicious advancements facing OS X
Bibliographic details
Paperback, 352 pages, publication date: APR-2008
ISBN-13: 978-1-59749-254-6
Imprint: SYNGRESS
Price and Ordering
Price: EUR 42.95 GBP 35.99 USD 59.95
Books and book related electronic products are priced in US dollars (USD), euro (EUR), and Great Britain Pounds (GBP). USD prices apply to the Americas and Asia Pacific. EUR prices apply in Europe and the Middle East. GBP prices apply to the UK and all other countries.
Last update: 26 Oct 2009